========================================================================== Ubuntu Security Notice USN-1296-1 December 08, 2011 acpid vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS Summary: Several security issues were fixed in acpid. Software Description: - acpid: Advanced Configuration and Power Interface daemon Details: Oliver-Tobias Ripka discovered that an ACPI script incorrectly handled power button events. A local attacker could use this to execute arbitrary code, and possibly escalate privileges. (CVE-2011-2777) Helmut Grohne and Michael Biebl discovered that ACPI scripts were executed with a permissive file mode creation mask (umask). A local attacker could read files and modify directories created by ACPI scripts that did not set a strict umask. (CVE-2011-4578) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: acpid 1:2.0.10-1ubuntu2.3 Ubuntu 11.04: acpid 1:2.0.7-1ubuntu2.4 Ubuntu 10.10: acpid 1.0.10-5ubuntu4.4 Ubuntu 10.04 LTS: acpid 1.0.10-5ubuntu2.5 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1296-1 CVE-2011-2777, CVE-2011-4578 Package Information: https://launchpad.net/ubuntu/+source/acpid/1:2.0.10-1ubuntu2.3 https://launchpad.net/ubuntu/+source/acpid/1:2.0.7-1ubuntu2.4 https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu4.4 https://launchpad.net/ubuntu/+source/acpid/1.0.10-5ubuntu2.5